44
To do… Use the command…
Remarks
Enter system view system-view —
Create a NAS ID profile and enter
NAS ID profile view
aaa nas-id profile profile-name Required
Configure a NAS ID-VLAN binding
nas-id nas-identifier bind vlan
vlan-id
Required
By default, no NAS ID-VLAN
binding exists.
Displaying and maintaining AAA
To do… Use the command… Remarks
Display the configuration
information of ISP domains
display domain [ isp-name ] [ | { begin |
exclude | include } regular-expression ]
Available in any view
Display information about user
connections
display connection [ access-type { dot1x |
mac-authentication | portal } | domain
isp-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index |
user-name user-name | vlan vlan-id ] [ slot
slot-number ] [ | { begin | exclude | include }
regular-expression ]
Available in any view
AAA configuration examples
Unless otherwise noted, devices in the configuration examples are operating in non-FIPS mode.
AAA for Telnet users by an HWTACACS server
Network requirements
As shown in Figure 9,
• Configure the switch to use the HWTACACS server to provide authentication, authorization, and
accounting services for Telnet users. The IP address of the server is 10.1.1.1/24.
• Set the shared keys for authentication, authorization, and accounting packets exchanged with the
HWTACACS server to expert. Configure the switch to remove the domain name from a user name
before sending the user name to the HWTACACS server.
To Next Page
Loading...
